diff options
| -rw-r--r-- | configuration/snorlax.nix | 4 | ||||
| -rw-r--r-- | configuration/snorlax/default.nix (renamed from roles/server.nix) | 10 | ||||
| -rw-r--r-- | configuration/snorlax/disk-config.nix (renamed from hardware/snorlax-disks.nix) | 0 | ||||
| -rw-r--r-- | configuration/snorlax/facter.json (renamed from hardware/snorlax.json) | 0 | ||||
| -rw-r--r-- | configuration/snorlax/gitea.nix (renamed from configuration/gitea.nix) | 4 | ||||
| -rw-r--r-- | configuration/users/default.nix (renamed from roles/base.nix) | 12 | ||||
| -rw-r--r-- | flake.nix | 16 | ||||
| -rw-r--r-- | hardware/zfs-impermanence-disk-config.nix | 80 | ||||
| -rw-r--r-- | hosts/hardware-configuration/tarreltaart.nix | 32 | ||||
| -rw-r--r-- | hosts/tarreltaart.nix | 16 | ||||
| -rw-r--r-- | keys/id_tarrel.pub (renamed from files/id_tarrel.pub) | 0 | ||||
| -rw-r--r-- | keys/id_work.pub (renamed from files/id_work.pub) | 0 | ||||
| -rw-r--r-- | roles/desktop.nix | 1 | ||||
| -rw-r--r-- | services/unifi.nix | 7 |
14 files changed, 13 insertions, 169 deletions
diff --git a/configuration/snorlax.nix b/configuration/snorlax.nix deleted file mode 100644 index fd012d5..0000000 --- a/configuration/snorlax.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - networking.hostName = "snorlax"; -} diff --git a/roles/server.nix b/configuration/snorlax/default.nix index bd82f5a..8ed9169 100644 --- a/roles/server.nix +++ b/configuration/snorlax/default.nix @@ -1,9 +1,15 @@ { ... }: { - imports = [ ./base.nix ]; + imports = [ + ./disk-config.nix + ./gitea.nix + ../users + ]; - programs.mtr.enable = true; + networking.hostName = "snorlax"; + system.stateVersion = "24.11"; + programs.mtr.enable = true; services.openssh = { enable = true; allowSFTP = false; diff --git a/hardware/snorlax-disks.nix b/configuration/snorlax/disk-config.nix index aa789a3..aa789a3 100644 --- a/hardware/snorlax-disks.nix +++ b/configuration/snorlax/disk-config.nix diff --git a/hardware/snorlax.json b/configuration/snorlax/facter.json index 521d8e2..521d8e2 100644 --- a/hardware/snorlax.json +++ b/configuration/snorlax/facter.json diff --git a/configuration/gitea.nix b/configuration/snorlax/gitea.nix index f9e48f4..8b814d9 100644 --- a/configuration/gitea.nix +++ b/configuration/snorlax/gitea.nix @@ -6,8 +6,8 @@ group = "git"; hashedPassword = "$6$Rc//lmBr5orYHn.0$M9y3Zj4zCe723r8hYGIhPC5kPv5SVGHjF1FsjrT9IIx7trxuNTLtLDQVL9lhmR5/7bFMUFEf0CMx9w7.vgXgY0"; openssh.authorizedKeys.keyFiles = [ - ../files/id_tarrel.pub - ../files/id_work.pub + ../../keys/id_tarrel.pub + ../../keys/id_work.pub ]; }; diff --git a/roles/base.nix b/configuration/users/default.nix index da82c25..a074ac9 100644 --- a/roles/base.nix +++ b/configuration/users/default.nix @@ -1,7 +1,5 @@ { pkgs, ... }: { - nixpkgs.config.allowUnfree = true; - programs.zsh.enable = true; users.mutableUsers = false; @@ -12,10 +10,7 @@ extraGroups = [ "wheel" ]; shell = pkgs.zsh; packages = with pkgs; [ git helix curl ]; - openssh.authorizedKeys.keyFiles = [ - ../files/id_tarrel.pub - ../files/id_work.pub - ]; + openssh.authorizedKeys.keyFiles = [ ../../keys/id_tarrel.pub ../../keys/id_work.pub ]; }; i18n.defaultLocale = "en_US.UTF-8"; @@ -30,9 +25,4 @@ LC_TELEPHONE = "nl_NL.UTF-8"; LC_TIME = "nl_NL.UTF-8"; }; - - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; } @@ -89,22 +89,10 @@ system = "x86_64-linux"; modules = [ - { system.stateVersion = "24.11"; } - disko.nixosModules.disko nixos-facter-modules.nixosModules.facter - { - config.facter.reportPath = - if builtins.pathExists ./hardware/snorlax.json then - ./hardware/snorlax.json - else - throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-facter ./hardware/snorlax.json`?"; - } - - ./hardware/snorlax-disks.nix - ./roles/server.nix - ./configuration/snorlax.nix - ./configuration/gitea.nix + { config.facter.reportPath = ./configuration/snorlax/facter.json; } + ./configuration/snorlax ]; }; }; diff --git a/hardware/zfs-impermanence-disk-config.nix b/hardware/zfs-impermanence-disk-config.nix deleted file mode 100644 index 9087825..0000000 --- a/hardware/zfs-impermanence-disk-config.nix +++ /dev/null @@ -1,80 +0,0 @@ -# USAGE in your configuration.nix. -# Update devices to match your hardware. -# { -# imports = [ ./disko-config.nix ]; -# disko.devices.disk.main.device = "/dev/sda"; -# } -{ - disko.devices = { - disk = { - main = { - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - rootFsOptions = { - # https://wiki.archlinux.org/title/Install_Arch_Linux_on_ZFS - acltype = "posixacl"; - atime = "off"; - compression = "zstd"; - mountpoint = "none"; - xattr = "sa"; - }; - options.ashift = "12"; - - datasets = { - "local" = { - type = "zfs_fs"; - options.mountpoint = "none"; - }; - "local/home" = { - type = "zfs_fs"; - mountpoint = "/home"; - # Used by services.zfs.autoSnapshot options. - options."com.sun:auto-snapshot" = "true"; - }; - "local/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options."com.sun:auto-snapshot" = "false"; - }; - "local/persist" = { - type = "zfs_fs"; - mountpoint = "/persist"; - options."com.sun:auto-snapshot" = "false"; - }; - "local/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options."com.sun:auto-snapshot" = "false"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/local/root@blank$' || zfs snapshot zroot/local/root@blank"; - }; - }; - }; - }; - }; -} diff --git a/hosts/hardware-configuration/tarreltaart.nix b/hosts/hardware-configuration/tarreltaart.nix deleted file mode 100644 index e3913be..0000000 --- a/hosts/hardware-configuration/tarreltaart.nix +++ /dev/null @@ -1,32 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.end0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/tarreltaart.nix b/hosts/tarreltaart.nix deleted file mode 100644 index 42461f6..0000000 --- a/hosts/tarreltaart.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - imports = [ - ./hardware-configuration/tarreltaart.nix - ../roles/server.nix - ../roles/git-server.nix - ]; - - system.stateVersion = "24.11"; - - networking.hostName = "tarreltaart"; - time.timeZone = "Europe/Amsterdam"; - - boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; -} diff --git a/files/id_tarrel.pub b/keys/id_tarrel.pub index d52bb07..d52bb07 100644 --- a/files/id_tarrel.pub +++ b/keys/id_tarrel.pub diff --git a/files/id_work.pub b/keys/id_work.pub index bc9457e..bc9457e 100644 --- a/files/id_work.pub +++ b/keys/id_work.pub diff --git a/roles/desktop.nix b/roles/desktop.nix deleted file mode 100644 index 8b13789..0000000 --- a/roles/desktop.nix +++ /dev/null @@ -1 +0,0 @@ - diff --git a/services/unifi.nix b/services/unifi.nix deleted file mode 100644 index 7d351d4..0000000 --- a/services/unifi.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - # https://help.ui.com/hc/en-us/articles/218506997-Required-Ports-Reference - networking.firewall.allowedTCPPorts = [ 8080 8000 8443 8880 8843 6789 27117 ]; - networking.firewall.allowedUDPPorts = [ 3478 5514 10001 1900 123 ]; - networking.firewall.allowedUDPPortRanges = [ { from = 5656; to = 5699; } ]; -} |